Assurance report: Internal Audit of Federal Government consulting contracts awarded to McKinsey & Company

Office of the Chief Audit, Evaluation and Risk Executive
Public Services and Procurement Canada

1. Conformance with professional standards

This internal audit was conducted in conformance with the International Standards for the Professional Practice of Internal Auditing.

2. Background

Procurement in the Government of Canada is subject to the Treasury Board of Canada (TB) Directive on the Management of Procurement and the now rescinded TB Archived: Contracting Policy ^{footnote 1}, which has as its objective to ensure that the procurement of goods, services and construction obtains the necessary assets and services that support the delivery of programs and services to Canadians, while ensuring best value to the Crown. As a result, among others, procurements are expected to enable operational outcomes, to be subject to effective governance and oversight mechanisms, to be fair, open, and transparent, and to meet public expectations in matters of prudence and probity.

Public Services and Procurement Canada (PSPC) plays an important role in the Government of Canada operations as a key service provider for federal departments and agencies. It supports departments and agencies in the achievement of their mandated objectives as their central purchasing agent. Of note, PSPC is unique in comparison to other departments and agencies given its dual role as a common service provider (contracting authority) for other government departments and agencies, in addition to exercising its delegated authority for departmental acquisitions as the business owner (technical authority). Both roles are administered by the Procurement Branch.

To this end, the role of PSPC as a common service provider entails planning and organizing the provision of materiel and related services, and the acquisition of goods, services, and construction on behalf of departments and agencies, as well as enhancing integrity and efficiency in the contracting process. In particular, the Government of Canada requires access to third-party skills and expertise through procurement to execute its mandate, including access to firms with global reach and proprietary benchmarking or advisory services. As a result, the Procurement Branch establishes procurement instruments, including standing offers and supply arrangements, to streamline and reduce redundancy in the procurement process, such as pre-qualifying suppliers who are required to meet mandatory corporate capability and financial criteria, allowing for wide use by client departments. These instruments are established in accordance with federal government procurement policies and regulations.

Additionally, based on the PSPC’s Policy on Procurement, the department is also responsible for ensuring that an infrastructure is in place that allows individuals contracting for PSPC's own purposes to be in compliance with the letter and the spirit of the TB Directive on the Management of Procurement.

In January 2023, the Prime Minister of Canada tasked Minister Fortier, as President of the TB, along with Minister Jaczek, Minister of Public Services and Procurement, to undertake a review of contracts awarded to McKinsey & Company (hereafter referred to as McKinsey). On February 8, 2023, the Office of the Comptroller General of Canada (OCG) requested from government organizations a list of all contracts with McKinsey and related information dating back to January 1, 2011, by February 15, 2023. For those organizations that have been the technical authority and/or entered into any such contracts as the contracting authority, the OCG has directed the Chief Audit Executives of these organizations to conduct a formal independent internal audit of the related procurement processes, with results to be reported to the OCG by March 22, 2023.

3. Audit objectives and scope

The objectives of the audit were to determine the following for all scoped-in contracts with McKinsey:

the integrity of the procurement process was maintained consistent with adhering to the Values and Ethics Code for the Public Sector and the Directive on Conflict of Interest
the procurements were conducted in a fair, open and transparent manner consistent with the TB policy that was in place at the time (Archived: Contracting Policy or the Directive on the Management of Procurement)
the procurements were conducted in a manner consistent with the organization’s internal processes and control frameworks (in other words, consistent with procurement management frameworks, financial controls, security controls)

The scope of the audit focused on the examination of the procurement practices for all competitive and non-competitive contracts with McKinsey that were awarded (in other words, signed) by PSPC as either a common service provider or under its own delegated authority between January 1, 2011, and February 7, 2023. The audit also examined the establishment of any standing offers or supply arrangements during the scope period. Standing offers and supply arrangements are non-binding procurement instruments between the federal government and potential suppliers of specified goods or services, which outline the terms and conditions that will apply to future requirements to be ordered or solicited on an “as and when” required basis.

During the scope period, PSPC as common service provider established 1 National Master Standing Offer (number EN578-211925/001/ZM) with 19 non-competitive call-ups against said standing offer for an aggregate total value of $48,755,150 (see Table 1: Standing offers and related call-ups with McKinsey). PSPC also established 3 supply arrangements. Resulting from 1 of the supply arrangements (number E60ZT-16TSSB/091/Z) was 1 competitive contract with a client department ($24,848,700) and 1 non-competitive contract where PSPC was the client department ($24,860) for an aggregate total value of $24,873,560 (see Table 2: Supply arrangements and related contracts with McKinsey).

Additionally, PSPC was the common service provider for 1 competitive contract ($1,332,000). The department also established 1 competitive contract ($29,620,266) and 1 non-competitive contract ($0) for its own purposes. For these 3 contracts, the aggregate total value is $30,952,266 (see Table 3: Other contracts with McKinsey).

In summary, PSPC has contracted a grand total value of $104,580,976 with McKinsey.

The audit did not assess:

all contracts with any entity other than McKinsey
all contracts awarded (and signed) outside of the audit period
compliance with any other policy instrument, laws and/or regulations not specifically mentioned in this audit report

Table 1: Standing offers and related call-ups with McKinsey
Number	Start date and end date	Contract amount	Procurement strategy	Contract type	Client department	Purpose of contract
National master standing offer
EN578-211925/001/ZM	2021-02-26 to 2023-02-28	Not applicable (N/A)	Standing offer	Non-competitive	PSPC	Benchmarking services consisting of functional tools, databases, and expert support to measure performance against similar Canadian and international organizations in order to identify deficiencies and opportunities for improvement. Such services may be used to support complex programs, including digital modernization and other large transformation initiatives.
Call-ups against National Master Standing Offer (the following 19 call-ups were against the National Master Standing Offer—EN578-211925/001/ZM)
1.	2021-03-22 to 2021-05-31	$1,998,409	Non-competitive	Call-up	Department of National Defence (DND)	To support the Digital Navy Program and diagnose the Navy’s readiness to execute the digital initiatives.
2.	2021-03-24 to 2021-04-28	$339,895	Non-competitive	Call-up	Employment and Social Development Canada (ESDC)	To support ESDC with the expansion view of its mandate and an improved, enhanced and augmented business model by assessing the department’s maturity and inform the leadership team on the key components of this new business model.
3.	2021-03-25 to 2021-04-22	$1,075,735	Non-competitive	Call-up	DND	To support Royal Canadian Navy with their artificial intelligence-driven fleet management tool and assess their readiness and analytics maturity.
4.	2021-07-30 to 2021-10-08	$2,567,535	Non-competitive	Call-up	DND	To support an actionable roadmap to build a modern complainant-centric digital solution, to replace the current fragmented data sets and technologies used across the DND and the Canadian Armed Forced (CAF).
5.	2021-08-05 to 2021-10-15	$1,606,488	Non-competitive	Call-up	DND	To support an actionable diversity, equity, and inclusion framework to support the review of culture-related reports and recommendations and to categorize topics and recommendations according to organizational frameworks.
6.	2021-09-20 to 2022-03-25	$5,718,569	Non-competitive	Call-up	DND	To support CAF with its current culture gaps contrary to professed culture.
7.	2021-10-05 to 2022-02-25	$5,252,633	Non-competitive	Call-up	Export Development Canada (EDC)	To support EDC in its organization’s transformation with digital and non-digital lever by the implementation of a more agile team-based operating model through an assessment of the organization and operating model and by making recommendations on roles, team composition and orchestration across the organization.
8.	2021-10-25 to 2022-01-04	$517,388	Non-competitive	Call-up	ESDC	ESDC/Service Canada Transformation: Leadership Counseling Support.
9.	2021-11-03 to 2022-02-07	$2,647,587	Non-competitive	Call-up	DND	To support the Digital Navy Program and identify capabilities gap that needs to be filled for their digital initiatives.
10.	2021-11-04 to 2022-02-11	$3,087,079	Non-competitive	Call-up	DND	To support a capability assessment for the Integrated Complaints Management Solution for DND/CAF.
11.	2022-02-16 to 2022-07-08	$3,383,714	Non-competitive	Call-up	Business Development Bank of Canada (BDC)	To support BDC on the assessment of the organization’s overall health as it moves to fully launch its transformation (2030 vision and aspiration).
12.	2022-02-24 to 2022-05-20	$2,486,334	Non-competitive	Call-up	DND	To support a capability assessment for the Integrated Complaints Management Solution for DND/CAF.
13.	2022-03-15 to 2022-05-27	$2,486,334	Non-competitive	Call-up	EDC	To support EDC in refining strategies, concepts and tools developed to date for its blueprint to support agile ways of working to deliver products and services better and faster to customers.
14.	2022-03-31 to 2022-05-27	$1,195,021	Non-competitive	Call-up	DND	To support CAF operational level headquarters to improve and accelerate its modern digital and agile practices.
15.	2022-08-05 to 2022-09-30	$1,533,767	Non-competitive	Call-up	DND	Benchmarking Services to support CAF operational level Headquarters to improve and accelerate its modern digital and agile practices.
16.	2022-08-16 to 2023-02-07	$5,742,858	Non-competitive	Call-up	ESDC	To support ESDC with its digital journey assessment that will enable reimagination of the end-to-end client and employee experience.
17.	2022-10-21 to 2022-12-19	$1,975,271	Non-competitive	Call-up	Canada Border Services Agency (CBSA)	To support CBSA with the review of its assessment and revenue management solution’s ability to enable outcomes/benefits and to recommend mitigations where benefits are at risk.
18.	2022-10-24 to 2023-03-03	$2,047,705	Non-competitive	Call-up	DND	Benchmarking services to support DND’s complaints process transformation.
19	2023-01-09 to 2023-04-17	$3,092,828	Non-competitive	Call-up	DND	Benchmark of the Chief of Professional Conduct and Culture’s overall current state of culture.

Table 2: Supply arrangements and related contracts with McKinsey
Number	Start date and end date	Contract amount	Procurement strategy	Contract type	Client department	Purpose of contract
Supply arrangements
EN537- 05IT01/233/EI	2019-08-13 Perpetual^{table 2 note 1}	N/A	Supply arrangement	Competitive	PSPC	Solutions-based informatics professional services is a method of supply comprising of services and, in certain situations, essential goods, whereby a supplier defines and provides a solution to a requirement, manages the overall requirement, phase or project and accepts responsibility for the outcome.
E60ZT- 16TSSB/091/ZT	2017-05-16 Perpetual^{table 2 note 2}	N/A	Supply arrangement	Competitive	PSPC	The Tasks and Solutions Professional Services – For Solutions is the mandatory method of supply for the provision of solution-based, non-informatics professional services. It covers 5 core areas of expertise that are commonly and nationally used: Human resources services; Business consulting/change management services; Project management services; Real property project management services; and Technical, engineering and maintenance services.
E60ZN- 15TSSB/ 092/ZN	2015-08-23 to 2017-03-31	N/A	Supply arrangement	Competitive	PSPC	The Tasks and Solutions Professional Services – For Solutions is the mandatory method of supply for the provision of solution-based, non-informatics professional services. It covers 5 core areas of expertise that are commonly and nationally used: Human resources services; Business consulting/change management services; Project management services; Real property project management services; and Technical, engineering and maintenance services.
Contracts against a supply arrangement
1.	2019-05-30 to 2020-03-31	$24,860	Noncompetitive against a supply arrangement	Contract	PSPC	Subject-matter expert in information technology (IT) and business transformations for Human Resources-to-Pay stabilization to assist in identifying the remaining challenges and areas of focus to achieve and maintain a steady state for Human Resources-to-Pay over the 2020-to-2023 period.
2.	2019-06-26 to 2021-12-31	$24,848,700	Competitive against a supply arrangement	Contract	Immigration, Refugees and Citizenship Canada (IRCC)	Expertise from global experts in developing and implementing transformation strategies to support IRCC’s service transformation.
Table 2 note(s) Table 2 note 1 As per Annex A.6.2 of the TB Directive on the Management of Procurement, the use of PSPC’s supply arrangements is mandatory for certain commodity classes. As such, supply arrangements need to remain available for use by departments and agencies and can be cancelled provided a replacement has been established. Return to table 2 note 1 referrer Table 2 note 2 Ibid. Return to table 2 note 2 referrer

Table 3: Other contracts with McKinsey
Number	Start date and end date	Contract amount	Procurement strategy	Contract type	Client department	Purpose of contract
1.	2018-08-31 to 2020-08-30	$1,332,000	Competitive	Contract	CBSA	To establish and operate a Value Management Office for the CBSA Assessment and Revenue Management Project. The Contractor is to provide methodologies, processes, strategic advice and a team of qualified resources.
2.	2020-02-27 to 2023-03-31	$29,620,266	Competitive	Contract	PSPC	Accelerator Services to support the Public Service Pay Centre in eliminating the backlog of outstanding pay transactions and to generate efficiencies in processing new intake of transactions going forward.
3.	2020-07-24 to 2022-12-31	$0	Non-competitive	Contract	PSPC	Global expertise services to help Canada urgently respond to a wide variety of issues related to the COVID-19 pandemic.

4. Approach

The OCG provided all implicated departments and agencies with an audit plan and audit work program to ensure consistency of coverage across the Government of Canada who are responsible for executing this program for their respective organizations. Given PSPC’s dual role as a common service provider and as departmental acquisitions within PSPC’s own delegated authority and the need to assess the establishment of the standing offer and supply arrangements, the department adapted the OCG audit work program accordingly (see Appendix C: Audit criteria). To ensure the integrity and objectivity of the work, this audit was conducted only by public servant internal auditors subject to the Global Internal Auditing Code of Ethics of the Institute of Internal Auditors.

5. Findings and recommendations

The following describes the findings and recommendations of objective 1.

5.1 Objective 1: Integrity of the procurement process

A list of detailed observations by audit criteria and associated assessment for both PSPC’s role as a common services provider and with respect to exercising its delegated authority for departmental acquisitions as the business owner are outlined in Appendix E: Detailed observations.

5.1.1 Values and ethics

The Values and Ethics Code for the Public Sector (the Code) indicates that public servants shall serve the public interest by:

acting at all times with integrity, and in a manner that will bear the closest public scrutiny
never using their official roles to inappropriately obtain an advantage for themselves or to advantage or disadvantage others
taking all possible steps to prevent and resolve any real, apparent or potential conflicts of interest between their official responsibilities and their private affairs in favour of the public interest

Complementing the Code is the TB Directive on Conflict of Interest , which seeks to minimize the risks associated with conflict of interest and conflict of duties situations. Furthermore, Chapter 3 of the PSPC’s Departmental Code of Conduct provides all employees with guidance on conduct and expected behaviours as they carry out their duties on behalf of the department, including those related to conflict of interest.

5.1.2 Current public servants and public office holders

The audit team found that PSPC employees are automatically bound by these codes as a condition of employment. Furthermore, compliance is maintained by requiring all employees to acknowledge and behave in alignment with the Code during the beginning of the assessment period of the annual performance management cycle. Also, there are conflict of interest controls in place based on communication, awareness and understanding of relevant policy instruments, which are primarily reliant on self-reporting. Notably, the audit team found that no documents were on file denoting that conflicts of interest were declared by current public servants or public office holders for any of the 24 contracts.

Moreover, there is an expectation that the contractor selection is not to be influenced in any way by the Minister or staff in the Minister’s office. The audit team found no indication, based on its documentation review of all 24 contracting files, that the Minister or the Minister’s staff influenced the contracting process for the McKinsey contracts. In fact, the only instance of the Minister or the Minister’s staff involvement was when the Minister’s approval was required for 1 call-up against the National Master Standing Offer given the authority limits outlined in the PSPC Delegated of Authority and Guidance Instrument.

5.1.3 Conflict of interest for suppliers

As per Archived: section 4.2.12 of the TB Contracting Policy, all contracts must contain appropriate clauses to reflect the requirements of the Conflict of Interest Act, and is further articulated in section 4.15 of the Public Services and Procurement Canada Supply Manual. Additionally, suppliers agree to comply with the PSPC Code of Conduct for Procurement, which includes the need for suppliers to disclose any conflicts of interest matters in writing to the contracting authority and are bound by its terms for the duration of the contract. Also, no documents were on file denoting that conflicts of interest were declared by the supplier for any of the 24 contracts.

5.1.4 Former public servants and public office holders

The TB Directive on the Management of Procurement, section 4.5.5 indicates that contracting authorities are responsible for including requirements for former public servants to self-identify and informing suppliers that this information will be proactively disclosed. This is supplemented by section 4.30.45.25 Public Services and Procurement Canada Supply Manual, which states that Standard Acquisition Clauses and Conditions Manual clauses, as applicable, must be used in all solicitations to ensure compliance with public servant policies and that suppliers are required to self-identify as a former public servant, as applicable.

Controls related to conflicts of interest declared by former public servants or former public office holders are based on policy awareness and reliant on self-reporting. As such, the expectation is that former public servants and former public office holders ensure that the integrity of the procurement process is maintained. The audit team found that no documents were on file denoting that conflicts of interest were declared by former public servants or former public office holders for any of the 24 contracts. Additionally, all 24 contracts reviewed contained clauses for former public servants to self-identify. Notably, McKinsey, as a corporation that provides services to Canada, is not considered a former public servant, and therefore there could be no instances of contracting with a former public servant as per the aforementioned definition of a former public servant. That being said, depending on the security instructions for a contract, security screenings are conducted for individual consultants (see section 5.2.2.3: Security requirements).

5.1.5 Conclusion

Overall, the integrity of the procurement process was maintained and compliant with the Values and Ethics Code for the Public Sector, Directive on Conflict of Interest, and supporting procurement policy instruments and procedures. Specifically, no instances of non-conformity were found with respect to conflict of interest regarding current or former public servants or public office holders as well as McKinsey.

5.1.6 Recommendations

Not applicable.

5.2 Objective 2: Fairness, openness, and transparency, in line with applicable policy

The following describes the findings and recommendations of objective 2.

5.2.1 Establishment of the standing offer and supply arrangements

5.2.1.1 National Master Standing Offer

According to Chapter 3 of the Public Services and Procurement Canada Supply Manual, a standing offer is an offer from a supplier to Canada that allows departments and agencies to purchase goods and/or services on an “as and when requested” basis for a pre-arranged price and during a specific period of time. A standing offer is not a contract.

Through the use of a call-up process, which incorporates the terms and conditions and pricing of the standing offer, a separate contract is formed each time a call-up for the provision of goods and/or services is made against the said standing offer. This method of supply is often used to facilitate access to, and accelerate the procurement of, various goods and services by establishing qualified supplier(s) when 1 or more clients repeatedly has the same demand. Standing offers may be competitive or non-competitive in nature and, whenever possible, preference is to use a competitive process.

In the event that a non-competitive process is undertaken, section 4.10 of the TB Directive on the Management of Procurement states that contracting authorities are responsible for ensuring that justification for using limited tendering are created and maintained on the contract file. Furthermore, Public Services and Procurement Canada Supply Manual, Chapter 3 indicates that in all instances where bids are not solicited, the justification must include a reference to the applicable exception to competitive bidding under 1 of the 4 reasons defined in the Government Contracts Regulations , of the Financial Administration Act, (FAA). These 4 reasons are:

6.(a) the need is 1 of pressing emergency in which delay would be injurious to the public interest
6.(b) the estimated expenditure does not exceed specified limits ($40,000 in the case of services)
6.(c) the nature of the work is such that it would not be in the public interest to solicit bids
6.(d) only 1 person/firm is capable of performing the contract

Additionally, when exception 6.(d) of the Government Contracts Regulations has been invoked, TB Contracting Policy Notice 2007-4 – Non-Competitive Contracting requires that 7 questions must be considered and answered.

Work to establish the standing offer with McKinsey was undertaken over the course of fall 2019 and into the first few months of 2020, with the Procurement Branch assessing demand from departments and agencies for these proprietary benchmarking services. Based on these requirements, PSPC established the non-competitive National Master Standing Offer with McKinsey in February 2021 to support clients that required benchmarking services (see Appendix D: McKinsey benchmarking services for a complete list of benchmarking services provided by McKinsey). The initial period for making call-ups was March 1, 2021, to February 28, 2022, which was subsequently extended to February 28, 2023. This standing offer has now expired.

The audit team found that the Procurement Branch had developed a sole source justification denoting that it invoked exception 6.(d) on the basis of McKinsey holding exclusive rights to provide benchmarking services using its proprietary survey-based diagnostics and data sets. These data sets are based on information obtained from McKinsey’s global clients through proprietary surveys and no other vendor has the right to access and use McKinsey’s datasets, nor are resellers authorized to distribute McKinsey surveys or apply its diagnostics. Furthermore, the team found that the branch responded to the 7 questions that must be considered when invoking exception 6. (d). Of note, for 1 of TB’s questions related to whether other alternative sources of supply for the same or equivalent support were considered and if so, why they were not recommended, the team found that while the response stated that there are other firms capable of providing benchmarking services, only McKinsey offers Digital Quotient and 360-degree benchmarks. However, there was no evidence on file of research being conducted at the time of the establishment of the standing offer to confirm that there were no alternative sources of supply for the same or equivalent service.

Additionally, question 7 of the TB questions asked to describe the efforts taken to identify a variety of suppliers and explain any impact the Trade Agreement thresholds or “TB contracts Directive contract entry/amendment limits” will have on the proposed procurement strategy. Furthermore, in the guidance provided to assist clients in responding to that question, it is mentioned that PSPC will post an Advance Contract Award Notice (ACAN) on the Government Electronic Tendering Service (GETS) to ensure there are no suppliers that can meet this requirement. While the posting of an ACAN is not a mandatory process, the audit team found that it was not conducted. As per PSPC’s Procurement Branch representatives, this approach was considered but not selected due to the proprietary nature of the services.

Based on documentation reviews, the audit team found that cost and price analysis services were engaged for the standing offer, for which pricing was deemed fair and reasonable. Also, a Procurement Risk Assessment Result that outlines the overall risk level and a Procurement Risk Assessment Summary that lists all the identified risks were on file.

Moreover, the audit team found that there are no policy requirements for companies to be screened for security at the establishment of a standing offer. Furthermore, the security requirements were not required for the National Master Standing Offer at the time the instrument was established. Additionally, the security instructions for the call-ups outlined in the standing offer were contradictory. For example, the Security Section on the cover page, indicated that this “Standing Offer shall not be used for call-ups where security requirements have been identified” but Section 8.0 Call-up Procedures denotes that a completed and signed Security Requirements Check List, if applicable, must be provided by the identified user for individual call-ups exceeding $200,000. The audit team was informed by Procurement Branch representatives that the cover page was incorrect, and the intent was to allow for various security requirements for call-ups.

Additionally, the initial standing offer was signed and approved by individuals with the appropriate delegated authority. However, while the 2 amendments were approved by the appropriate delegated authority, only 1 copy was signed by PSPC and McKinsey.^{footnote 2}

5.2.1.2 Establishment of supply arrangements

The Public Services and Procurement Canada Supply Manual, Chapter 3 states that a supply arrangement is a non-binding arrangement between Canada and a pre-qualified supplier that allows departments and agencies to solicit bids and award contracts from a pool of pre-qualified suppliers for specific requirements within the scope of the supply arrangement. The intent of the supply arrangement is to establish a contracting framework to permit the expeditious processing of individual follow-on bid solicitations, which result in legally binding contracts for the goods and/or services described within the individual bid solicitations.

McKinsey is 1 of several qualified suppliers in 3 competitive supply arrangements that PSPC established in 2015, 2017 and 2019, respectfully. The audit team found that all 3 supply arrangements had appropriate requirements for services, bid selection methodology and evaluation criteria. However, there were no individual assessments on file and the results of consensus evaluations were not dated and signed. Also, documentation exists to confirm that procurement risk assessments were undertaken for only 1 of the 3 supply arrangements.

Additionally, the audit team found that copies were on file for 1 of the 3 supply arrangements signed by both PSPC and McKinsey and only by 1 party for the remaining 2 supply arrangements. Also, copies of 3 of the 4 related amendments signed by both PSPC and McKinsey were on file but the copy on file for the third amendment was only signed by PSPC. Moreover, for all 3 supply arrangements, the audit team found evaluation summary checklists indicating that the security clearance for McKinsey was compliant prior to the procurement instrument being put in place. Furthermore, McKinsey had the appropriate security clearance, which was recorded in the Departmental and Industrial Security Information System.

5.2.1.3 Conclusion

Overall, the establishment of the standing offer and 3 supply arrangements were only partially compliant in terms of being fair, open and transparent and in accordance with the applicable policy. For the non-competitive standing offer, required justifications were completed and cost and price analysis services were obtained, which confirmed the fairness and reasonableness of pricing. Also, with respect to the supply arrangements, requirements for services, methodologies and criteria were developed and on file. However, contract documentation could have been more fulsome to support actions and decisions.

Additionally, no security requirements were required for the National Standing Offer and for all 3 supply arrangements, McKinsey had the appropriate security clearance. Also, for the most part, delegated authorities were appropriately exercised. However, there was a lack of signatures by both PSPC or the supplier on the amendments for the standing offer as well as the supply arrangement and 1 related amendment.

5.2.2 Call-ups and contracts

The following describes the call-ups and contracts involved in this report.

5.2.2.1 Defining requirements and determining procurement strategy

Archived: Section 16.1 of the TB Contracting Policy states that the “statement of work or requirements description should clearly describe the work to be carried out, the objectives to be attained and the time frame.” It also indicates that the statement of work “should also identify the specific stages of the work, their sequence, their relationship to the overall work in general and to each other in particular.” This Policy is supported by Annex 1.1 in the Public Services and Procurement Canada Supply Manual, which identifies the client department as the lead for developing this document.

Additionally, as per section 10.6 of the Treasury Board Archived: Contracting Policy, any use of the 4 exceptions to the bidding requirement should be fully justified on the contract file, which is further articulated in Archived: Contracting Policy section 3.15 of the Public Services and Procurement Canada Supply Manual. See section 5.2.1: Establishment of the standing offer and supply arrangements also, regarding contract documentation, Archived: section 12.3 of the Treasury Board Contracting Policy. states that "files shall be established and structured to facilitate management oversight with a complete audit trail that contains contracting details related to relevant communications and decisions."

Public Services and Procurement Canada as a common service provider

Based on documentation reviews, the audit team found that 18 of the 19 call-ups had statements of work with 1 that defined their own requirements and 17 referencing the statement of work developed for the National Master Standing Offer or to McKinsey’s proposal. The OCG confirmed that for a call-up against the National Master Standing Offer using the statement of work provided in said standing offer was not sufficient to comply with policy requirements and that client departments are required to define their own requirements.

With respect to justification to support the procurement strategy, the audit team found that 1 of the 19 call-ups had justifications documented on file for the use of a non-competitive procurement process (1 of the 4 reasons) and for choosing the procurement vehicle. Furthermore, 5 of the 19 call-ups had documentation on file confirming that the contracting officer ensured alignment between the call-up and the standing offer.

Given that there was no documentation on file demonstrating the client departments’ compliance with respect to providing their own requirements and developing the required justifications, the audit team found that a challenge function was not effectively conducted by contracting officers in these regards.

Additionally, due to the overall lack of contract documentation on file, the audit team was unable to conclude as to whether the statements of work were completed prior to vendor selection and contract award or that the use of the National Master Standing Offer was in fact, the best procurement instrument to meet client department requirements.

For the 2 competitive contracts, the audit team found that statements of work were appropriately developed prior to contact award and were appropriately challenged by the contracting authority. Furthermore, as these contracts were competitive, no justifications were required.

Moreover, the audit team found that the durations of the 19 call-ups and 2 competitive contracts were reasonable.

Of note, the audit team was informed by Procurement Branch representatives that processes related to the call-ups against the National Master Standing Offer were updated and implemented in January 2023 that re-iterated to PSPC contracting officers the need to ensure that client departments provide a statement of work prior to contract award and justifications specific to their requirements.

Public Services and Procurement Canada as a client department

Of the 3 contracts, the audit team found that the 1 competitive contract had a statement of work that was appropriately developed prior to contract award and that it was challenged by the contract authority.

Also, from the 3 contracts, 2 were non-competitive and justifications for the use of limited tendering was on file for only 1 contract. Furthermore, for the 1 non-competitive contract against a supply arrangement, the justification for choosing the procurement vehicle and support to demonstrate alignment between the supply arrangement and tasks required by the contract were on file. Additionally, the audit team found that the durations of the 3 contracts were reasonable.

5.2.2.2 Contract splitting

According to Archived: section 11.2.7 of the TB Contracting Policy, contracting authorities must not split contracts or contract amendments in order to avoid obtaining the appropriate approval required by statute, the TB Contracts Directive or appropriate management approval within the department or agency.

Public Services and Procurement Canada as a common service provider

Standing offers are designed to provide an option for recurring call-ups as requirements are identified and present a minimum inherent risk of contract splitting. Given the aforementioned documentation deficiencies, the audit team was unable to assess the client’s intent at the time each call-up was initiated as having the same or similar work done in the future. See section 5.2.2.1: Defining requirements and determining procurement strategy. Furthermore, Procurement Branch management shared that work is allocated to contracting officers on an ad-hoc basis and is not presently reviewed holistically to ensure that multiple contracts are not awarded to the same vendor by the same department or agency within a short period of time.

For the 2 competitive contracts, the audit team found no evidence of contract splitting.

Public Services and Procurement Canada as a client department

For the 3 contracts, the audit team found no evidence of contract splitting.

5.2.2.3 Security requirements

For contracts, security requirements must be addressed to ensure compliance with the provisions with the TB Policy on Government Security.

Public Services and Procurement Canada as a common service provider

As noted above, the National Master Standing Offer contained conflicting security instructions and that the intent was to allow for various security requirements for call-ups. See section 5.2.1.1: National Master Standing Offer. The audit team found that all 19 call-ups, appropriately determined whether security provisions were required; which generally occurs at the time of requisitioning services. Accordingly, for the 8 call-ups that had security requirements, 7 had an approved Security Requirements Check List on file.

Additionally, for the 2 competitive contracts, security provisions were identified, and an approved Security Requirements Check List was on file.

Public Services and Procurement Canada as a client department

The audit team found that security requirements were outlined in the statement of work and an approved Security Requirements Check List for all 3 contracts was on file. Furthermore, based on documentation reviews, for 1 of the 3 contracts, consultants had the required security levels, for the second contract, security clearances were on file for 1 of the 3 consultants, and for the third contract, security clearances for none of consultants were not on file.

5.2.2.4 Procedures and pricing for call-ups against a standing offer/non-competitive contracts against a supply arrangement

The National Master Standing Offer outlines procedures that need to be adhered to and pricing to be used when initiating a call-up. The audit team found that all 19 call-ups adhered to the procedures, including obtaining approval from PSPC if the call-up exceed $200,000, and the pricing was based on the amounts outlined in the standing offer.

Moreover, the audit team found that all 19 call-ups were signed by a contracting officer^{footnote 3} subsequent to the contract award date of the National Master Standing Offer. Furthermore, the 4 amendments were signed by both PSPC and McKinsey before the end date of the initial call-up. However, for 2 of the 19 call-ups and 2 of the 4 related amendments, the end dates were subsequent to the end date of the National Master Standing Offer.

In terms of the 1 non-competitive contract against a supply arrangement, the audit team found that procedures were followed. However, while there was some documentation on file regarding pricing, there was no support demonstrating that the price was fair and reasonable.

5.2.2.5 Bid evaluations for competitive contracts

The TB Directive on the Management of Procurement, section 4.5 states that contracting authorities are responsible for ensuring that bids are solicited for contracts and for limiting the number of mandatory technical criteria to those determined to be essential requirements to achieve the desired outcomes and ensure that no bid is unnecessarily disqualified. The role of PSPC as the common service provider includes an advisory function to challenge requirements, as developed by the client departments, when mandatory criteria may be overly restrictive, or seem to favour certain bidders over others.

Public Services and Procurement Canada as a common service provider

For 2 competitive contracts, the audit team found that the bid selection method and evaluation criteria were outlined in the bid solicitation document before the Request for Proposal was issued. For both contracts, no documentation was on file to confirm the rationale for the identification of mandatory evaluation criteria. Furthermore, some potential bidders asked questions about the criteria, but there was no response on file to indicate how they were addressed. In the absence of any rationale, the audit team was unable to assess the appropriateness of the mandatory criteria, which could be perceived as overly restrictive. That being said, the criteria was challenged by the contracting authority. Additionally, that audit team found that for 1 contract, the bid was fully evaluated in accordance with all the terms and conditions of the solicitation. For the other contract, while no copies of the signed individual evaluation forms or the consensus evaluation form was on file, the remaining aspects of the bid were evaluated in accordance with the terms and conditions of the solicitation. Notably, McKinsey was the only bidder for each of the contracts.

Public Services and Procurement Canada as a client department

For the 1 competitive contract, the audit team found that the bid selection method and evaluation criteria were outlined in the bid solicitation document. However, there was no documentation on file to validate that they were prepared prior to issuing the Request for Proposal. Also, the criteria were not found to be too restrictive and it was challenged by the contracting authority. Additionally, the audit team found that the bid was partially evaluated in accordance with the terms and conditions of the solicitation as there was no evidence that the individual evaluations and consensus report were signed. In the end, there were 2 bidders, and the contract was awarded to the top ranked firm, McKinsey.

5.2.2.6 Delegation of authorities

PSPC’s Delegation of Authorities and Guidance Instrument is the official document whereby the Minister and Deputy Minister delegate authorities, including signing, financial and other authorities, to position titles, not individuals. The delegated authorities may be exercised operationally or functionally with levels commensurate with the hierarchy of authority within the organization and when a valid specimen signature card is in place for the specific delegated authorities. In combination with the delegation of authority, and the amount of the proposed contract or amendment, the procurement complexity and risk are assessed to determine the assignment of the contract to a contracting officer.

Public Services and Procurement Canada as a common service provider

The audit team found that all 19 call-ups and related amendments that had financial implications had required signed forms on file confirming funds are available pursuant to commitment authority. Also, 14 of the 19 call-ups and 3 of the 4 related amendments were appropriately signed or approved by the appropriate delegated authority in terms of transaction authority. Notably, 4 call-ups could not be assessed as the specimen signature card denoting delegated authority was not available. Also, for 1 of the call-ups and 1 amendment, the system producing the required approval levels for these contracts, erroneously identified that Manager approval was needed when, in fact, Ministerial approval was required. This system issue was identified in early 2022 and resulted in provided Manager level approval when in some instances a higher level of approval, including Ministerial approval, was required. A solution is underway to fix the issue and, in the interim, a warning message is displayed alerting all users to this issue and to ensure that all approvers validate their authority limits when approving documents.

With respect to the 2 competitive contracts, the required signed forms were on file confirming funds are available pursuant to commitment authority. In terms of transaction authority, for 1 of the contracts, the audit team found it was signed by the appropriate delegated authority, but they were unable to confirm that the person who approved had the appropriate delegated authority as their specimen card was not available. In terms of the second contract, while the form that identifies the required level for signing and approving the contract, was on file, it was not approved. As such, the audit team was unable to fulsomely assess the appropriateness of the delegated authority. Nonetheless, the audit team found that the contract and 2 amendments were signed or approved by individuals with delegated authority. For the third amendment, the audit team was unable to confirm the appropriateness of delegated authority as their specimen cards were not available for the individuals who signed and approved the amendment.

Moreover, all 4 call-up amendments and all 3 contract amendments were justified and substantiated.

Lastly, all 19 call-ups and 2 competitive contracts as well as all related amendments respected the PSPC contracting limits outlined in the respective policy.

Public Services and Procurement Canada as a client department

PSPC had 3 contracts as a client department and only 2 contracts were in scope from an delegated financial authority perspective as the third contract had a nil dollar value. The audit team found that the 2 contracts had the required signed forms on file confirming funds are available pursuant to expenditure initiation and commitment authorities, which were exercised by individuals with the appropriate delegated authorities.

Additionally, the audit team found that all 3 contracts and 7 related amendments were signed by both PSPC and McKinsey, approved by individuals with appropriate delegated authority and respected the PSPC contracting limits outlined in the respective policy. Also, for the 2 contracts with financial implication, while certification authority was exercised by the appropriate delegated authority, the audit team found that expenses were not fulsomely supported by documentation but could confirm that services were provided after the agreement was signed for 1 of the contracts. With respect to the second contract, the audit team found that the invoices did not contain sufficient details to support that the terms and conditions of the contract were met. Lastly, the team found that documentation denoted that progress meetings were held between PSPC and McKinsey.

Moreover, all 7 contract amendments were justified and substantiated.

5.2.2.7 Proactive disclosure

As per the TB Directive on the Management of Procurement, departments and agencies are required to proactively disclose contracting information. The audit team found that for PSPC as a client department, only 2 of its 3 contracts were subject to proactive disclosure and both were disclosed. However, 1 had inconsistencies in the start and end date of the contract between the information published, and that on file.

5.2.3 Conclusion

Overall, the procurements were only partially compliant in terms of being conducted in a fair, open and transparent manner in accordance with relevant policies. Deficiencies with contract documentation to support actions and decisions, impacted the execution of many activities. This limited the Procurement Branch’s ability to execute a fulsome challenge function and demonstrate that PSPC fulfills its roles and responsibilities as common service provider. In particular, for the 19 call-ups, this included the need to ensure that requirements appropriately reflected the services to be performed by the supplier, that the best procurement instrument was selected to meet client department requirements and that there was no contract splitting. Also, where competitive processes were used, the evaluation criteria could be perceived as being overly restrictive for several contracts as there was limited documentation on file to demonstrate otherwise. Additionally, system errors resulted in approvals from individuals at levels not commensurate with the amount, complexity, and risk of the contract.

While some of these issues may be due in part to gaps in the understanding of roles and responsibilities, it also demonstrated that basic procurement activities that were not conducted as expected and highlight the need to reinforce and improve contracting practices. See section 5.3.1: Roles, responsibilities, and accountabilities

5.2.4 Recommendations

1. The Assistant Deputy Minister, Procurement Branch, should ensure that information resources of business value related to contract administration are accessible, preserved and retained throughout the procurement lifecycle to support fair, open, and transparent procurement. This should include documentation on the statement of work for call-ups, justifications for sole source and procurement strategy, and contracting delegation of authorities.
2. The Assistant Deputy Minister, Procurement Branch, should ensure that PSPC, as a service common provider, performs a robust challenge function during the contracting process, that is properly documented. This would include when multiple contracts could be awarded to the same vendor by the same department or agency within a short period of time.

5.3 Objective 3: Adherence to departmental processes and control frameworks

Based on discussions with the Senior Designated Official for the management of procurement and the Chief Financial Officer (CFO), the audit team found that, in addition to the key controls under objectives 1 and 2, PSPC has several internal controls and processes in place to support the fair, open and transparent procurement of professional services contracts; both in its role of common service provider and for departmental acquisitions within PSPC’s own delegated authority. These controls and processes are outlined in the ensuing sections.

5.3.1 Roles, responsibilities, and accountabilities

According to Directive on the Management of Procurement section 4.1 of the Treasury Board Directive on the Management of Procurement, senior designated officials for the management of procurement are responsible for establishing, implementing, and maintaining a departmental procurement management framework that clearly define roles, responsibilities and accountabilities. To this end, in Annex 1.1 of the Public Services and Procurement Canada Supply Manual outlines responsibilities in a matrix format, which provides a generic division of anticipated types of responsibilities between PSPC as the common service provider and client departments.

The audit team found that while responsibilities are identified by procurement activities, each role identified as either lead, contributing or shared do not have an associated definition nor accountability. For example, for the requirements definition and contract administration activities, the “contributing” role does not clearly define the challenge and/or oversight function that should be performed by PSPC as a common service provider, which could lead to misinterpretation and varying outcomes.

5.3.2 Training, tools, and resources

One of the expected results of the TB Directive on the Management of Procurement is that procurements are managed in a manner that enables operational outcomes and demonstrates sound stewardship and best value consistent with the Government of Canada’s socio-economic and environmental objectives. To this end, contracting officers must conduct the procurement process in an open, fair, and honest manner, and all involved must apply prudence, probity, and transparency at each stage. As such, the greatest control is our people: contracting officers knowing how and when to apply the appropriate policy and legislative frameworks to their respective procurement, as well as supervisory review, escalation, and approval.

The audit team found that contracting officers acting both in the role of the common service provider as well as departmental acquisitions within PSPC’s own delegated authority have the training, tools, and resources available to support them in the discharge of their procurement-related responsibilities. Also, an information-sharing process exists to support the efficient and targeted dissemination of relevant and reliable information to those that need it. However, instances of non-compliance may result if policy is misinterpreted or if roles, responsibilities, and accountabilities are not clearly defined, documented, and communicated.

5.3.3 Monitoring and oversight

Monitoring and oversight activities are applied to each individual procurement file in a manner that is commensurate with the dollar value, risk, and complexity of the procurement. This includes the delegation of authorities as well as the procurement complexity assessment, and procurement risk assessment that escalates higher risk and complex procurements to more senior and qualified positions for approval.

5.3.3.1 Reviews and subject matter experts

Based on documentation reviews and interviews, the audit team found that files are subject to review, or engagement of a subject matter expert depending on risk and complexity of the contract. The audit team found that 23 of 24 contracts under scope of this audit had evidence of a review, which were largely conducted by the individual approving the contract. Additionally, for 6 contracts, there was evidence of a contracting officer soliciting the services of subject matter experts, such as legal services and price negotiation teams.

5.3.3.2 Post-procurement review

The audit team found that PSPC, in its role as common services provider, conducts post-procurement reviews after contract award for procurement activities based on a random sample with a weighted average for the sectors applied on a quarterly basis. Of note, 1 contract within the scope of this audit was subject to this review, and results denoted an overall lack of documentation on file. Moreover, the data from this review was aggregated in a report in 2020, which was distributed to Acquisition Program^{footnote 4} senior management in June 2020 and was subsequently discussed at the PSPC’s Executive Committee^{footnote 5} to help identify organizational trends, and to provide information to support continuous improvement.

Additionally, the audit team found that the methodology, as it is currently designed, would benefit from including contracts that are of higher risk or complexity and reviewed for accuracy and adequacy of such procurement. Based on interviews with the Procurement Branch management, the audit team was informed that a review of the entire process is currently underway, and management is considering adopting a proactive approach to identifying and addressing risks instead of conducting post-procurement reviews, which is reactive in nature.

5.3.3.3 Oversight committee

The audit team found that PSPC, as a common service provider, has oversight over high risk and complex procurements. In particular, a Procurement Review Committee was established based on the TB Archived: Procurement Review Policy (rescinded October 2019) as an interdepartmental procurement review process and provided an opportunity for socio-economic benefit to be considered for projects with procurements from $2 million up to $100 million before a contract was awarded. While 1 contract under the scope of this audit met the criteria and was tabled accordingly, there was no record of discussion or decision retained from this meeting.

Additionally, a new PSPC governance body, also entitled the Procurement Review Committee, was established with its inaugural meeting in December 2022. It will be a procurement-wide committee that will review high-profile procurements on a case-by-case basis, beginning at the procurement planning stage, including those requiring Minister or TB contracting approval prior to contract award.

5.3.4 Key programs

The following describes the key programs in relation to this report.

5.3.4.1 Procurement Complexity Assessment and Procurement Risk Assessment

As per section 2.30.10 of the Public Services and Procurement Canada Supply Manual, each requisition undergoes an assessment to determine the complexity level of the procurement to direct the requirement into the appropriate process stream and to allocate it to a contracting officer with the necessary skill set to handle the procurement. Additionally, section 3.1.5 states that the risk assessment process is applied to procurements to determine the level of risk the federal government faces when entering into contracts. Furthermore, a procurement risk assessment applies regardless of complexity level and must be completed at the procurement strategy phase, prior to preparing an approval document. As noted previously, the system producing the required approval level for contracts was providing erroneous results and an interim solution has been put in place until the issue is rectified. See section 5.2.2.6: Delegation of authorities.

The audit team found that all required contracts under audit were assessed at the lower spectrum of complexity level, and a risk level of low to medium-high.

5.3.4.2 Government of Canada’s Integrity Regime

The Government of Canada’s Integrity Regime, administered by PSPC’s Departmental Oversight Branch, is a rules-based debarment and suspension system designed to help ensure that the Government of Canada conducts business with ethical suppliers in Canada and abroad. The Regime includes an Ineligibility and Suspension Policy, which sets out when and how a supplier may be declared ineligible or suspended from doing business with the federal government for a specified period of time. Contracting officers are expected to ensure that all applicable solicitations and contracts include the Integrity Provisions, and that a formal integrity verification is conducted in advance of contract award. It should be noted that the integrity verifications are not required for call-ups or contracts against standing offers and contracts against a supply arrangement, as they are done when the standing offers and supply arrangements are established.

The audit team found that the standing offer and all 3 supply arrangements had an integrity verification on file Furthermore, for the 3 competitive contracts, integrity provisions were appropriately included and integrity verifications were performed. Additionally, the audit team found that during the scope period the status of McKinsey remained unchanged under the Integrity Regime, and there were no impediments or restrictions under the Regime placed upon the supplier.

5.3.4.3 Fairness Monitoring Program

The fairness monitoring program was established under the PSPC’s Policy on Fairness Monitoring to provide independent assurance that procurements are conducted in a fair, open, and transparent manner, and to enhance public trust in the way the government does business. The audit team found that a fairness monitor was not engaged for any of the 3 competitive contracts under the scope of this audit at the procurement planning stage since they did not meet the merits as per section 3.135 of the Public Services and Procurement Canada Supply Manual.

5.3.4.4 Vendor Performance Corrective Measures Policy

The PSPC Vendor Performance Corrective Measure Policy became effective November 4, 2010, and applies to PSPC’s Acquisitions Program as a common service provider for transactions under its authority. As per the section 8.180.15.20 c of the Public Services and Procurement Canada Vendor Performance Corrective Measure Policy, the Vendor Information Management system is to be checked for a vendor performance corrective measure at bid closing for competitive procurements, and prior to any interaction with a sole source vendor. It must also be rechecked prior to contract award and before issuing amendments or exercising options. The audit team found that no performance issues were reported nor were any vendor performance compliance assessments conducted or applied to the company in the system for McKinsey during the scope period.

5.3.5 Conclusion

Overall, the key controls tested under objective 3 partially compliant. PSPC’s roles and responsibilities were defined, documented, and communicated. However, they would benefit from greater clarity by distinguishing between those related to the PSPC as a common service provider and departments. Additionally, training, tools and resources are in place to support contracting officers in the discharge of their procurement-related responsibilities and information-sharing processes exist to support the efficient and targeted dissemination of relevant and reliable information to those that need it. Moreover, monitoring and oversight activities were applied for the procurement of professional services contracts, and governance bodies existed for high risk and complex procurement. However, more rigour is required with respect to its procurement planning process to ensure greater coverage of higher risk or complex contracts. Lastly, PSPC has programs in place to support its internal processes and control framework.

Also, there is an opportunity to review the current post-procurement review methodology and consider incorporating a more proactive approach to ensure the verification of contracts that are of higher risk or complexity.

5.3.6 Recommendations

3. The Assistant Deputy Minister, Procurement Branch, should review and clarify the procurement roles, responsibilities and accountabilities between PSPC and client departments, especially in terms of clarifying the roles noted as “contributing” to the process included in Annex 1.1: Matrix of Responsibilities of the Public Services and Procurement Canada Supply Manual.
4. The Assistant Deputy Minister, Procurement Branch, should ensure that a rigorous process is in place for procurement planning that identifies and addresses risks and integrates best practices.

6. Management response

The findings and recommendations of this audit were presented to management of PSPC. The audit report was reviewed and recommended for deputy head approval by PSPC’s Departmental Audit Committee.

PSPC establishes procurement instruments, including supply arrangements and standing offers to streamline and reduce redundancy in the procurement process with pre-qualified suppliers who are required to meet mandatory corporate capability and financial criteria, allowing wide use by client departments. These instruments are established in accordance with federal government procurement policies and regulations.

Based on an assessment of use over time of the procurement instruments that McKinsey and other firms with similar offerings outside the scope of this audit qualified for, the Procurement Branch is currently undertaking an options analysis for new instruments to provide specialized services, such as benchmarking, to the Government of Canada while respecting the principles of fairness, openness and transparency. This procurement strategy will be focused on ensuring value for money and ensuring the integrity of the procurement process by introducing competition to the extent feasible. The lessons learned from this audit, as well as PSPC’s analysis and stakeholder consultations, will be incorporated into the development of future procurement instruments and their associated processes.

The Procurement Branch has fully supported this audit review. Due to the short timeframe allowed for review and the time period covered by the audit scope, not all documents were available, as a result of staff absences and the offsite storage of physical records that predated the transition to primarily electronic record-keeping. The Procurement Branch will continue to compile relevant documents to comply with the various audits.

Management has accepted the audit findings and has developed an action plan to address the recommendations (see Appendix F: Management Action Plan for management action plan). The identified actions are scheduled to be completed by January 2025. PSPC’s Departmental Audit Committee will be engaged in the monitoring of the implementation of this action plan, in line with the department’s standard internal audit processes. If additional issues or recommendations are found following the results of the external reviews by the Office of the Procurement Ombudsman and/or the Office of the Auditor General of Canada (OAG), PSPC will update the management action plan to incorporate these accordingly.

The Deputy Head of PSPC approves this report, including the management action plan.

Appendices

In this section

Appendix A: Acronyms and abbreviations
Appendix B: Glossary
Appendix C: Audit criteria
Appendix D: McKinsey benchmarking services
Appendix E: Detailed observations
Appendix F: Management Action Plan

The following is appendix material to this report.

Appendix A: Acronyms and abbreviations

Table 4: Acronyms and abbreviations
Acronyms and abbreviations	Definition
ACAN	Advance Contract Award Notice
BDC	Business Development Bank of Canada
CAF	Canadian Armed Forces
CBSA	Canada Border Services Agency
CFO	Chief Financial Officer
DND	Department of National Defence
ESDC	Employment and Social Development Canada
EDC	Export Development Canada
FAA	Financial Administration Act
GETS	Government Electronic Tendering Service
IRCC	Immigration, Refugees and Citizenship Canada
IT	Information Technology
McKinsey	McKinsey & Company
OAG	Office of the Auditor General of Canada
OCG	Office of the Comptroller General of Canada
PSPC	Public Services and Procurement Canada
TB	Treasury Board of Canada

Appendix B: Glossary

Table 5: Glossary
Terms	Definition
Advance Contract Award Notice	A public notice indicating to the supplier community that a department or agency intends to award a good, service or construction contract to a pre-identified supplier, believed to be the only 1 capable of performing the work, thereby allowing other suppliers to signal their interest in bidding by submitting a statement of capabilities. Source: Chapter 3 of the Public Services and Procurement Canada Supply Manual
Approval authority	The authority to accept the proposed terms and conditions of the contract on the basis that they are compliant with all relevant legislation, regulations and policy. Source: PSPC Delegation of Authority and Guidance Instrument August 6, 2019
Certification authority	The authority, according to section 34 of the Financial Administration Act, to certify contract performance and price, entitlement or eligibility of the payment. Source: Directive on Delegation of Spending and Financial Authorities
Commitment authority	The authority, according to section 32 of the Financial Administration Act, to ensure that there is a sufficient unencumbered balance available before entering into a contract or other arrangement. Source: Directive on Delegation of Spending and Financial Authorities
Contract	A “binding agreement entered into by a contracting authority and a contractor to procure a good, service or construction.” Source: TB Directive on the Management of Procurement
Contracting authority	The authority to enter into a contract or contractual arrangement on behalf of a department or agency. Source: TB Directive on the Management of Procurement
Expenditure initiation authority	The authority to incur an expenditure (to spend funds) or to make an obligation to obtain goods or services that will result in the eventual expenditure of funds. Source: Directive on Delegation of Spending and Financial Authorities
Former public servant	A former member of a department as defined in the Financial Administration Act, a former member of the CAF or a former member of the Royal Canadian Mounted Police. Source: Chapter 3 of the Public Services and Procurement Canada Supply Manual
Government Electronic Tendering Service	The official and free source suppliers should rely on to find Government of Canada tenders. Source: Find Opportunities of Buyandsell.gc.ca
Signing authority	The authority responsible for ensuring the terms and conditions written in the contract documents reflect those approved by the contract approval authority. Source: PSPC Delegation of Authority and Guidance Instrument August 6, 2019
Standing offer	An offer from a supplier to provide goods and/or services to clients at prearranged prices or pricing basis and under set terms and conditions for a specified period on an as-and-when requested basis. Source: Glossary of the Public Services and Procurement Canada Supply Manual.
Supply arrangement	A non-binding agreement between Public Works and Government Services Canada (PWGSC) and a supplier who is pre-qualified to provide goods or services to the Government of Canada. Source: Glossary of the Public Services and Procurement Canada Supply Manual
Technical authority	The individual responsible for providing information, guidance and advice on the technical aspect of a product. Source: Glossary of the Public Services and Procurement Canada Supply Manual
Transaction authority	The authority to enter into contracts, including acquisition card purchases, or sign off on legal entitlements (for example, employment insurance payments). Source: Directive on Delegation of Spending and Financial Authorities

Appendix C: Audit criteria

Table 6: Audit criteria
Audit objectives	Criteria	Criteria sources
1. The integrity of the procurement process was maintained and consistent with adhering to the Values and Ethics Code for the Public Sector and the Directive on Conflict of Interest	1. Public servants and Public Office Holders ensure that the integrity of the procurement process is maintained and consistent with the Values and Ethics Code for the Public Sector and the Directive on Conflict of Interest.	Conflict of Interest Act – Part I Directive on Conflict of Interest – 4.2.16 Values and Ethics Code for the Public Sector – Integrity section (3) Archived: Contracting Policy (before May 13, 2022) – Archived: section 4.2.12, Archived: 10.8, Archived: 11.1.1, Archived: 12.4 Directive on the Management of Procurement 4.2.2, 4.3.2
	2. Contracting with Former Public Servants and Former Public Office Holders is performed with integrity in accordance with the Directive on Conflict of Interest, Conflict of Interest Act and procurement policy instruments.	Conflict of Interest Act – Part I, Part III (35, 36) Directive on Conflict of Interest – 4.2.16 Values and Ethics Code for the Public Sector – Integrity section (3) Archived: Contracting Policy (before May 13, 2022) – Archived: 4.1.9, Archived: 4.2.20, Archived: Appendix C, Archived: schedule 5 Directive on the Management of Procurement (after May 13, 2022) 4.5.5, 4.6.4, 4.10.1.7
2.1. Standing offers and supply arrangements were established in a fair, open and transparent manner as demonstrated through compliance with the TB policy that was in place at the time (Archived: Contracting Policy Policy or the Directive on the Management of Procurement) ^{table 6 note 1}	1. Procurement: non-competitive standing offer. There is documentation to support the justification for the non-competitive standing offer in accordance with section 6 of the Government Contracts Regulations.	Government Contracts Regulations, [Current to January 25, 2023] – section 6 Contracting Policy Notice 2007-4 – Non-Competitive Contracting Certifications and additional information Firm Price Contracts: Price Certification and Discretionary Audit Procurement Nugget : Non-Competitive Procurement
	2. Procurement: Competitive supply arrangements. Bid evaluation criteria were provided on Request for Supply Arrangement documents and were used for contractor selection in an open, fair and transparent manner.	Solicitation Process Departmental Standard Procurement Templates Standard Procurement Templates Standard Procurement Template Procedures
	3. The pricing in the standing offers have been deemed fair and reasonable.	Certifications and additional information Firm Price Contracts: Price Certification and Discretionary Audit The Practitioner’s Guide for Procurement Pricing Cost and price analysis services Directive on the Use of Cost and Price Analysis Services Procurement Nugget: Cost and Price Analysis Services
	4. Risks related to the procurement instrument have been identified and addressed.	Chapter 3—Procurement Risk Assessment Requirements Addressing Identified Risks in the Approval Document Standing Offer – Buyandsell.gc.ca
	5. Security requirements are addressed to ensure compliance with the provisions of the TB Policy on Government Security .	Archived: Contracting Policy - Section 4 Security Requirements Check List
2.2 The procurements were conducted in a fair, open and transparent manner consistent with the TB policy that was in place at the time (Archived: Contracting Policy or the Directive on the Management of Procurement )	1. Procurement: non-competitive. There is documentation to support the justification for non-competitive procurement contracts in accordance with section 6 of the Government Contracts Regulations.	Archived: Contracting Policy (before May 13, 2022) – sections Archived: 10.2.1, Archived: 10.2.6, Archived: 10.5, Archived: 10.7.30, and Archived: Appendix C Directive on the Management of Procurement (after May 13, 2022) – 4.3.1,4.3.2, 4.3.5 Contracting Policy Notice 2007-4 – Non-Competitive Contracting Government Contracts Regulations – section 6 [Current to January 25, 2023]
	2. Procurement: Competitive. Bid evaluation criteria were provided on Request for Proposal documents and were used for contractor selection in an open, fair and transparent manner.	Archived: Contracting Policy (before May 13, 2022) sections Archived: 4.1.2; Archived: 4.1.4, Archived: 4.1.9; Archived: 16.1.2; Archived: 10.5; Archived: 10.7; Archived: 10.8; Archived: 11.1 and Archived: 11.3, Archived: Appendix J Directive on the Management of Procurement (after May 13, 2022) – 4.1.1, 4.3.1, 4.3.5 ( 4.1.1 procurement framework (PDF) should include detailed requirements)
	3. Contract management – Contracts and contract amendments were approved prior to the receipt of any services or the expiration of the original contract and supporting documentation is retained on file. Documented monitoring and certification of the delivery of the services was implemented.	Archived: Contracting Policy (before May 13, 2022) – sections Archived: 4.2.10; Archived: 11.2; Archived: 11.3; Archived: 12.3; Archived: 12.4.1; Archived: 12.9, Archived: Appendix H 2.6 Directive on the Management of Procurement (after May 13, 2022) – 4.3.1, 4.3.5 (procurement framework (PDF) should include detailed requirements on contract management), 4.10.6 Policy on Government Security Appendix A A.6
	4. Certification Authority (section 34). Certification authority is performed by someone with the delegated authority to do so, is accomplished in a timely manner and verifies the correctness of the payment requested (section 34 of the Financial Administration Act).	Directive on Delegation of Spending and Financial Authorities [2017-04-01] – sections 4.1.11, A.2.2.1.1 to A.2.2.1.3, A.2.2.1.7 to A.2.2.1.9. Financial Administration Act – section 34 [2018-03-18 current to]
	5. Proactive Disclosure – Contracts, including amendments, valued at over $10,000 meet minimum proactive disclosure requirements.	Archived: Contracting Policy (before May 13, 2022) – Archived: section 5.1.6 Directive on the Management of Procurement – Appendix C (after May 13, 2022) Archived: Guidelines on the Proactive Disclosure of Contracts – Canada.ca section 4.1 (amended April 1, 2022). Archived: Proactive Disclosure on Contracts, Guidelines on – section 4.1 [previous version] Access to Information Act (86-1)
3. The procurements were conducted in a manner consistent with the organization’s internal processes and control frameworks (in other words, consistent with procurement management frameworks, financial controls, security controls)	1. Procurements are conducted in a manner consistent with your departmental internal processes and control frameworks.	Archived: Contracting Policy (before May 13, 2022) Directive on the Management of Procurement (after May 13, 2022)
Table 6 note(s) Table 6 note 1 PSPC internal audit added this audit objective and associated criteria and sources to the OCG’s audit criteria given the department’s unique role as a common service provider. Specifically, this relates to the establishment of the National Master Standing Offer and the 3 supply arrangements Return to table 6 note 1 referrer

In assessing the above criteria, the levels below will be used based on the audit team’s professional judgement in determining the results.

Table 7: Levels and explanations of compliance
Level	Explanation
Compliant	All criteria have been observed as fully (100%) compliant.
Partially compliant	Criteria has been observed as partially compliant as there were a limited number of less-significant compliance issues.
Not compliant	Criteria has been observed as partially compliant as there was a high level of non-compliance noted or there was a small number of significant compliance issues.
Unable to assess	Criteria could not be assessed due to a limitation in gathering evidence.
Not applicable	Criteria was not assessed as it does not pertain to the situation.

Appendix D: McKinsey benchmarking services

Contractor solutions are a fully proprietary suite of diagnostics and benchmarking tools. All data captured via these diagnostics comes from Contactor’s global client-base, across all sectors, and is securely stored in compliance with governing legal requirements and other standards agreed to with these clients. The Contractor will provide benchmarking services, consisting of (A) 1 or more benchmarking solutions, plus (B) expert support services.

A. Benchmarking solutions: functional benchmarking tools and databases, to measure organizational performance against industry peers by applying 1 or more of the following benchmarking services as outlined below.
- Digital 20/20 helps organizations realize end-to-end digital, analytics and technology transformations by providing data-driven insights into current maturity across the organization. The suite of diagnostic assessments helps organizations to explore digital and analytics opportunities, identify gaps between current capabilities against those of peers and digital leaders, and build a prioritized roadmap of transformation initiatives to unlock business benefits.
  - Digital Quotient comprehensively measures an organization’s digital maturity and resilience against relevant peers across 4 key dimensions (Strategy, Culture, Organization and Capabilities) and 18 management practices, and contains an online survey-based assessment consisting of approximately 60 questions. It is targeted at the senior-most digital stakeholders within an organization.
  - Technology Quotient is variant of Digital Quotient that provides a forward looking, granular online survey-based assessment with expert support from McKinsey of an IT organization’s readiness to deliver on digital and analytics demands at scale. It covers 5 primary dimensions (Strategy to Backlog, Technology and Architecture, Ways of Working, People Strategy, and Organization Structure) and includes approximately 100 questions targeted at IT managers. It consists of a comprehensive analysis of the core technology functions of the organization with insights on necessary actions required to enable digital and analytic transformations. It identifies the strengths and weaknesses of the organization by comparing against “technology north star” companies.
  - Analytics Quotient evaluates an organization’s Analytics maturity levels along key dimensions that drive financial performance, including costs. It assesses an organization’s strengths and gaps relative to best practice in Analytics and delivers a single Analytics Quotient score to be benchmarked against peers. It contains 6 dimensions (Strategy, Organization, Culture, Data, Models and Tools, Value Assurance), approximately 40 categories, and has 20, 40, and 80 question variants, as selected by the client in collaboration with the Contractor and targeted at different audiences. It is targeted at the senior-most analytics stakeholders within an organization.
  - Automation 360 is a variant of Analytics Quotient that assesses core technology readiness for digital and analytics to identify an organization’s automation maturity across 4 dimensions that impact automation program effectiveness (Strategy, Culture, Organization, and Capabilities). Automation 360 is enabled through an online survey consisting of 17 questions (short survey) or 52 questions (long survey), as selected by the client in collaboration with the Contractor. Targeted at C-Level executives, automation team leaders and teams as well as subject matter experts, the diagnostic collects real-time feedback to understand perceptions of automation across an organization, enables a call to action by assessing maturity and defining current baseline, and builds consensus around progress made and challenges to date to inform and prioritize planned interventions.
  - Digital Capabilities 360 is an objective benchmark of the set of core digital capabilities needed to enable an organization’s digital strategy. It measures 6 major digital dimensions (data-driven digital insights, integrated customer experience, digital marketing, digital operations, next-generation technology, and digital enablers) and 23 digital capabilities needed to enable an organization’s digital strategy. Digital Capabilities 360 contains an online survey-based assessment of more than 300 questions. Digital Capabilities 360 is targeted at subject matter experts within an organization.
  - Technology 360 is a McKinsey expert led online survey-based assessment consisting of the 4 modules of approximately 250 questions each that helps IT organizations rapidly identify and realize optimization opportunities to reduce costs and/or re-invest resources into strategic growth and digital initiatives. The 4 major topics covered are technology management (IT modernization and digital enablement), digital infrastructure (Cloud and infrastructure), Agile360 (agile transformation), and TechOps and delivery excellence (lean IT). These major topics form the 4 categories of questions that the client can choose from. Once the client selects the topic area, a set of questions are produced within the Technology 360 assessment tool. Technology 360 includes detailed benchmarking analysis of technology spend, full-time equivalents, operational productivity and capability maturity to pinpoint opportunity areas for improvement. Further, it identifies the potential dollar impact of moving to peer median for each IT spend category, and prioritizes defined initiatives by IT spend category that the IT organization can pursue to reduce or eliminate gaps between current state and best in class performers. These modules include:
    - IT efficiency (spend and full-time equivalents): IT spend, full-time equivalents layers and proportions, and technical key performance indicators to identify drivers of spend
    - IT capabilities: detailed IT capability assessment across application development and maintenance, architecture, demand management, project portfolio management, infrastructure, organization and governance, cyber security, infrastructure hosting, outsourcing and offshoring, sourcing capabilities
    - IT infrastructure deep-dives: within IT infrastructure, McKinsey offers the client the option to choose 1 of 3 proprietary deep-dive analyses
      - service ticket analysis: using a client’s own IT ticket data (for example ServiceNow, Remedy, etc.), aggregates IT support team performance across units/geographies, identify opportunities for automation and lean process improvement by comparing ticket ageing, queue time, and hops across teams
      - infrastructure acceleration: Determines application allocation to target environment (in other words cloud, on-prem, hybrid) and migration type based on interdependencies, usage patterns, technical profile, financial implications and other parameters
      - application portfolio assessment: Applies advanced analytics to client’s own application inventory (in other words CMDB) to identify cost-reduction potential through application disposition strategies across retain, retire, consolidate, migrate scenarios
      - value capture: Structured workshop(s) to identify and prioritize common levers for developing cost-savings initiatives across IT towers (for example application architecture, infrastructure, sourcing, etc.)
  - Digital Marketing 360 is a comprehensive online survey-based assessment of an organization’s digital marketing capabilities across 8 dimensions such as marketing processes, performance marketing channels, key performance indicators and measurement, content and creatives, data activation, advertising and marketing technology, agency management and digital enablers. The diagnostic contains 8 dimensions (marketing processes; use of performance marketing channels; key performance indicators, measurement, and analytics; content and creatives; data activation; ad tech and marketing tech; agency management practices; and digital enablers). It also includes more than 40 capabilities, and over 200 questions targeted at marketing-specific domain experts helping organizations understand their digital marketing capabilities strengths and weaknesses and to identify digital marketing gaps across different parts of the organization.
  - Agile360 assesses and enables an organization’s Agile and DevOps capabilities and identifies improvement opportunities that drive improved business outcomes. It assesses 4 primary dimensions (people, process, technology, and structure) and 16 agile capability dimensions, using approximately 64 questions and more than 10 business outcome questions. The diagnostic has been run with more than 20 organizations, more than 200 agile teams, consisting of thousands of Agile practitioner respondents. The process includes program set-up and mapping of teams to a taxonomy to identify trends, McKinsey expert-led walkthroughs delivered via an interactive software-based interface, PowerPoint, and/or PDF reports. Multiple questions modules are available at enterprise, team, and discreet capability (for example DevOps) levels. Agile 360 is targeted at C-level executive, agile team leaders and teams, and subject matter experts.
- OrgSolutions: organizational Health Index is the world’s largest database of organizational health information. OHI links to financial performance and explains up to 50% of financial performance variations from organization to organization, helping leaders quantify the impact of practice and culture on financial results. The solution is action-oriented based on the results of the client organization’s survey, matching the organization to a “recipe”, which is defined as a targeted path to reaching the ideal state of one’s organizational health after addressing weaknesses and capitalizing on strengths. The proprietary database contains 3 million employee responses that have been cleansed, anonymized and categorized, from over 1,700 global organizations in 100 countries across 88 benchmarks (34 industry sectors, 15 specialty organization types, 30 countries).

The full Organizational Health Index which offers:

Qualitative analysis of Organizational Health (98 questions) administered to up to 10,000 people;
Customizable to slight language modifications and optional modules;
Allows for additional languages (for example, English and French);
Report-out session, access to additional online support centre;
Includes ability to perform “back-coding” (tying results to demographics from and human resource information system, rather than self-reporting demographics in the survey); and
Includes access to online reporting tool for 3 months.

B. Expert support services: to be provided by a Leadership Counseling Team or Team A or Team B to measure organizational performance against industry peers by applying 1 or more of the selected benchmarking solutions.

Team A integrates 7 distinctive capabilities into a seamless offering:

Committed leadership by at least 2 McKinsey Partners/Senior Partners (part-time), who are accountable for delivery, actively manage the engagement, and lead problem solving with the team.
A full-time team of 1 Engagement Manager and 1 Associate or Business Analyst, who lead the day-to-day work (for example interviews and data collection, analysis, problem solving, communications). The full-time team draws upon the following resources, capabilities, and expertise as much as needed to deliver superior results to the client.
Subject matter experts and extended leadership (part-time), who bring world-class expertise and experience on relevant industry and functional topics.
Proprietary knowledge and tools that help our clients solve problems more efficiently and effectively.
Support for new solutions and advanced analytic techniques.
A research team that is available around the-clock to answer clients’ questions about issues such as best practices or important trends.
World-class graphics support.

Team B integrates 7 distinctive capabilities into a seamless offering:

Committed leadership by at least 2 McKinsey Partners/Senior Partners (part-time), who are accountable for delivery, actively manage the engagement, and lead problem solving with the team.
A full-time team of 1 Engagement Manager and 2 Associates or Business Analysts, who lead the day- to-day work (for example interviews and data collection, analysis, problem solving, communications). The full-time team draws upon the following resources, capabilities, and expertise as much as needed to deliver superior results to the client.
Subject matter experts and extended leadership (part-time), who bring world-class expertise and experience on relevant industry and functional topics.
Proprietary knowledge and tools that help our clients solve problems more efficiently and effectively.
Support for new solutions and advanced analytic techniques.
A research team that is available around-the-clock to answer clients’ questions about issues such as best practices or important trends.
World-class graphics support.

Leadership Counseling integrates 5 distinctive capabilities into a seamless offering:

Committed leadership by at least 1 McKinsey Partner (part-time), who is accountable for delivery and actively manages the engagement
Subject matter experts and extended leadership (part-time), who bring world-class expertise and experience on relevant industry and functional topics
Proprietary knowledge and tools that help our clients solve problems more efficiently and effectively
Support for new solutions and advanced analytic techniques
A research team that is available around-the-clock to answer clients’ questions about issues such as best practices or important trend

Source: National Master Standing Offer with McKinsey.

Appendix E: Detailed observations

Table 8: Detailed observations
Audit criteria	Audit assessment^{table 8 note 1}		Rationale for assessment
Audit criteria	Public Services and Procurement Canada as a common service provider (contracting authority)	Public Services and Procurement Canada as a client department (technical authority)	Rationale for assessment
Audit objective 1: The integrity of the procurement process was maintained and consistent with adhering to the Values and Ethics Code for the Public Sector and the Directive on Conflict of Interest
1. Public servants and Public Office Holders ensure that the integrity of the procurement process is maintained and consistent with the Values and Ethics Code for the Public Sector and the Directive on Conflict of Interest.	Compliant	Compliant	No evidence to demonstrate that the Minister nor the Minister’s staff were influenced in any way the selection of the supplier. The Minister and the Minister’s staff were only involved in approving 1 call-up against the National Master Standing Offer in adherence to the PSPC’s Delegated of Authority and Guidance Instrument. Notably, the audit team found that no documents were on file denoting that conflicts of interest were declared by current public service or office holders for any of the 24 contracts.
2. Contracting with Former Public Servants and Former Public Office Holders is performed with integrity in accordance with the Directive on Conflict of Interest, Conflict of Interest Act and procurement policy instruments.	Compliant	Compliant	All 24 contracts contained clauses for former public servants to self-identify. No documents were on file denoting that conflicts of interest were declared by the supplier for any of the 24 contracts.
Audit objective 2.1: Standing offers and supply arrangements were established in a fair, open and transparent manner as demonstrated through compliance with the Treasury Policy that was in place at the time (Archived: Contracting Policy or the Directive on the Management of Procurement).
1. Procurement: non-competitive standing offers and supply arrangements. There is documentation to support the justification for non-competitive standing offers or supply arrangements in accordance with section 6 of the Government Contracts Regulations.	Partially compliant	N/A	Standing offer: The initial standing offer was signed and approved by individuals with the appropriate delegated authority. However, while the 2 amendments were approved by the appropriate delegated authority, only 1 copy was signed by PSPC and McKinsey. A sole source justification denoting that exception 6.(d) the Government Contracts Regulations has been invoked along with responses to the 7 TB questions were on file. However, there was no evidence on file of research being conducted at the time of the establishment of the standing offer to confirm that there were no alternative sources of supply for the same or equivalent service.
2. Procurement: Competitive standing offers and supply arrangements. Bid evaluation criteria were provided on Request for Proposal documents and were used for contractor selection in an open, fair and transparent manner.	Partially compliant	N/A	Supply arrangement For 1 of the 3 supply arrangements, copies signed by both PSPC and McKinsey were on file but only 1 party signed for the remaining 2 supply arrangements. Also, copies of 3 of the 4 related amendments were signed by both PSPC and McKinsey but the third amendment was only signed by PSPC. All 3 supply arrangements had appropriate requirements for services, bid selection methodology and evaluation criteria. However, there were no individual assessments on file and the results of consensus evaluation on file were not dated and signed.
3. The pricing in the standing offers and supply arrangements has been deemed fair and reasonable.	Compliant	N/A	Standing offer: Cost and price analysis services was engaged, which was deemed pricing as fair and reasonable. Supply arrangements: Not applicable as all 3 supply arrangements did not contain pricing.
4. Risks related to the procurement instrument have been identified and addressed.	Partially compliant	N/A	Standing offer: A Procurement Risk Assessment Result that outlines the overall risk level and a Procurement Risk Assessment Summary that lists all the identified risks were on file. Supply arrangements Only 1 of the 3 supply arrangements have documentation to confirm the undertaking of risk assessments on file.
5. Security requirements are addressed to ensure compliance with the provisions of the TB policy on Government Security.	Compliant	N/A	Standing offer: There are no policy requirements for companies to be screened for security at the establishment of a standing offer. Furthermore, the security requirements were not required at the time the instrument was established. Security instructions for the call-ups outlined in the standing offer were contradictory between the cover page and section 8. The Procurement Branch representatives confirmed that the cover page was incorrect and the intent was to allow for various security requirements for call-ups. Supply arrangements for all 3 supply arrangements, the audit team found evaluation summary checklists indicating that the security clearance for McKinsey was compliant prior to the procurement instrument being put in place. Furthermore, McKinsey had the appropriate security clearance, which was recorded in the Departmental and Industrial Security Information System
Audit objective 2.2: The procurements were conducted in a fair, open and transparent manner consistent with the TB policy that was in place at the time (Archived: Contracting Policy or the Directive on the Management of Procurement).
1. Procurement: non-competitive. There is documentation to support the justification for non-competitive procurement contracts in accordance with section 6 of the Government Contracts Regulations.	Non-compliant	Partially compliant	PSPC as a common service provider: All 19 call-ups and related amendments that had financial implications had signed forms on file confirming commitment authority. Of the 19 call-ups, 18 had statements of work. However, 17 only referenced the statement of work developed for the National Master Standing Offer or to McKinsey’s proposal, which is not sufficient to comply with policy requirements. Also, 1 of the 19 call-ups had justifications for the use of a non-competitive contract and for choosing the procurement vehicle. Furthermore, 5 of the 19 call-ups had documentation on file confirming that the contracting officer ensured alignment between the call-up and the standing offer. Given that there was no documentation on file demonstrating the client departments compliance with respect to providing their own requirements and developing the required justifications, a challenge function was not effectively conducted by contracting officers in these regards. The overall lack of contract documentation on file, resulted in the inability to conclude as to whether the statement of work was completed prior to vendor selection and contract award, the use of the National Master Standing Offer was in fact, the best procurement instrument to meet client department requirements, and if there was contract splitting. All 19 call-ups adhered to the procedures, including obtaining approval from the PSPC if the call-up exceed $200K, and the pricing was based on the amounts outlined in the standing offer. For the 19 call-ups, the duration was reasonable. PSPC as a client department: For the 1 non-competitive contract subject to delegated financial authority, expenditure initiation and commitment authority was appropriately exercised. For the 2 non-competitive contracts, none had statement of works on file prior to contract award resulting in the inability to confirm that they were appropriately developed. Of the 2 non-competitive contracts, only 1 had a justification for the use of the limited tendering. For the 1 non-competitive contract against a supply arrangement, the justification for choosing the procurement vehicle and support to demonstrate alignment between the supply arrangement and tasks required by the contract were on file. For the 2 non-competitive contracts, there was no evidence of contract splitting. For the 1 non-competitive contract against a supply arrangement, procedures were followed. However, while there was some documentation on price, there was no support demonstrating that the price was fair and reasonable. For the 1 non-competitive contract with financial implications, confirmation if services were provided after contract award was not possible as expenses were not fully supported by documentation (for example, invoices did not contain sufficient details). For the 2 non-competitive contracts, the duration were reasonable.
2. Procurement: competitive. Bid evaluation criteria were provided on Request for Proposal documents and were used for contractor selection in an open, fair and transparent manner.	Partially compliant	Partially compliant	PSPC as a common service provider: For the 2 competitive contracts, signed forms were on file confirming commitment authority. The 2 competitive contracts had statements of work that were was appropriately developed and challenged by contracting authority. For 2 competitive contracts, the bid selection method and evaluation criteria were outlined in the bid solicitation document before the Request for Proposal was issued. For both contracts, there was no documentation on file to confirm the rationale for the identification of mandatory evaluation criteria. Furthermore, some potential bidders asked questions about the criteria, but there was no response on file to indicate how they were addressed. The absence of any rationale resulted in the inability to assess the appropriateness of the mandatory criteria, which could be perceived as overly restrictive. That being said, the criteria for both contracts was challenged by the contracting authority. Additionally, for 1 contract, the bid was fully evaluated in accordance with all the terms and conditions of the solicitation. For the other contract, while no copies of the signed individual evaluation forms or the consensus evaluation form was on file, the remaining aspects of the bid were evaluated in accordance with the terms and conditions of the solicitation. Notably, McKinsey was the only bidder for each of the contracts. For the 2 competitive contracts, the duration were reasonable. For the 2 competitive contracts, there was no evidence of contract splitting. PSPC as a client department: For the 1 competitive contract, expenditure initiation and commitment authority, were exercised by appropriate delegated authorities. For the 1 competitive contract, a statement of work was appropriately developed and challenged by contracting authority. For the 1 competitive contract, the bid selection method and evaluation criteria were outlined in the bid solicitation document. However, there was no documentation on file to validate that they were prepared prior to issuing the Request for Proposal. The criteria was found not to be too restrictive and it was challenged by the contracting authority. Additionally, the bid was partially evaluated in accordance with the terms and conditions of the solicitation as there was no evidence that the individual evaluations and consensus report were unsigned. In the end, there were 2 bidders, and the contract was awarded to the top ranked firm; McKinsey. For the 1 competitive contract, there was no evidence of contract splitting. For the 1 competitive contract, confirmation if services were provided after contract award was not possible as expenses were not fully supported by documentation (for example, invoices did not contain sufficient details). For the 1 competitive contract, the duration was reasonable.
3. Contract management - Contracts and contract amendments were approved prior to the receipt of any services or the expiration of the original contract and supporting documentation is retained on file. Documented monitoring and certification of the delivery of the services was implemented.	Partially compliant	Partially compliant	PSPC as a common service provider: For the 4 call-ups amendments and 3 amendments related to 1 of the 2 competitive contracts, all were justified and substantiated. Security requirements were determined for all 19 call-ups and 2 competitive contracts. However, 1 call-up did not have an approved Security Requirements Check List. All 19 call-ups were signed and issued before the expiry date of the of the National Master Standing Offer. Furthermore, the 4 amendments were signed by both PSPC and McKinsey before the end date of the initial call-up. However, for 2 of the call-ups and 2 of the 4 amendments, the end dates were subsequent to the end date of the National Master Standing Offer. In terms of transaction authority, 14 of the 19 initial call-ups and all related amendments with financial implications, were signed and approved by the appropriate delegated authority. Notably, 4 call-ups could not be assessed as the specimen signature card denoting delegated authority was not available. Also, for 1 of the call-ups and 1 amendment, the system producing that the required approval level for contract, erroneously identified that Manager approval was needed when Ministerial approval was required. While the system has not yet been fixed, an interim solution has been implemented. With respect to transaction authority for the 2 competitive contracts, 1 of the contracts was signed by the appropriate delegated authority but approval authority could not be confirmed as the specimen signature card denoting delegated authority was not available. For the second contract, the form that identifies the required level for signing and approving the contract was on file but it was not approved resulted in the inability to fulsomely assess the appropriateness delegated authority. Nonetheless, the contract and 2 amendments were signed or approved an individually with delegated authority. For the third amendment, the appropriateness delegated authority as their specimen cards were not available for the individuals who signed and approved the amendment. All 19 call-ups and 2 competitive contracts as well as all related amendments respected the PSPC contracting limits outlined in the respective policy. Note As a common service provider, PSPC does not monitor the work completed by the contractor but may be consulted by the client department. Client departments are responsible for reporting any contract administration problems to the contracting authority as Annex 1.1 of the Public Services and Procurement Canada Supply Manual. PSPC as a client department: Security requirements were determined for 3 contracts. Furthermore, for 1 of the 3 contracts, consultants had the required security levels, for the second contract, security clearances were on file for 1 of the 3 consultants, and for the third contract, security clearances for any of consultants were not on file. All 4 amendments were signed by both PSPC and McKinsey before the end date of the initial contracts or previous amendment and were justified and substantiated. Also, confirmation if services were confirmed that they were provided after contract award was not possible as expenses were not fully supported by documentation (for example, invoices did not contain sufficient details). In terms of transaction authority, all 3 contracts and related amendments were signed and approved. Furthermore, all 3 contracts respected the PSPC contracting limits outlined in the respective TB policy.
4. Certification authority (section 34). Certification authority is performed by someone with the delegated authority to do so, is accomplished in a timely manner and verifies the correctness of the payment requested (section 34 of the Financial Administration Act).	N/A	Partially compliant	PSPC as a common service provider: Not applicable PSPC as a client department: PSPC has 3 contracts but only 2 were subject to delegated authority as the third contract had a nil dollar value. Of the 2 contacts certification authority was exercised by an individual with the appropriate delegated authority. For both contracts, expenses were not fully supported by documentation (for example, invoices did not contain sufficient details). Additionally, documentation on file denoted progress meetings were held with McKinsey.
5. Proactive disclosure. Contracts, including amendments, valued at over $10,000 meet minimum proactive disclosure requirements.	N/A	Partially compliant	PSPC as a common service provider: Not applicable PSPC as a client department: Only 2 of the 3 contracts were subject to proactive disclosure. While both were disclosed, 1 had inconsistencies in the start and end date of the contract between the information published, and that on file.
Audit objective 3: The procurements were conducted in a manner consistent with the organization's internal processes and control frameworks (in other words., consistent with procurement management frameworks, financial controls, security controls).
1. Procurements are conducted in a manner consistent with your departmental internal processes and control frameworks.	Partially compliant	Compliant	The role of PSPC as a common service provider and for departmental acquisitions within PSPC’s own delegated authority was assessed. Additionally, compliance within objective #3 is being tested on an exception basis; that is, not including internal processes and framework elements that are being tested as part of objectives #1 and #2. Responsibilities are identified by procurement activity with each role identified as either lead, contributing or shared but there is no associated definition and accountability. Training, tools, and resources available to support contracting officers in the discharge of their procurement-related responsibilities. Also, information-sharing process exists to support the efficient and targeted dissemination of relevant and reliable information to those that need it. However, instances of non-compliance may result if policy is misinterpreted or if roles, responsibilities, and accountabilities are not clearly defined, documented, and communicated. Monitoring and oversight activities are in place but would benefit from improvements. Contracts are assessed for procurement complexity and risk but the system producing the required approval level for contract, erroneously identified that Manager approval was needed when Ministerial approval was required. While the system has not yet been fixed, an interim solution has been implemented. The National Master Standing Offer and the 3 supply arrangements had an integrity verification on file. Furthermore, for the 3 competitive contracts, integrity provisions were appropriately included and integrity verifications were performed. Additionally, during the scope period the status of McKinsey remained unchanged under the Integrity Regime, and there were no impediments or restrictions under the Regime placed upon the supplier. A fairness monitor was not engaged for any of the 3 competitive contracts under the scope of this audit at the procurement planning stage since they did not meet the merits as per section 3.135 of the Public Services and Procurement Canada Supply Manual. No performance issues were reported or vendor performance compliance assessments conducted or applied to the company in the system for McKinsey during the scope period.
Table 8 note(s) Table 8 note 1 See Appendix C: Audit criteria for audit assessment levels. Return to table 8 note 1 referrer

Appendix F: Management Action Plan

Table 9: Management Action Plan
Recommendation	Management action	Area responsible	Expected deliverables per action	Expected completion date
1. The Assistant Deputy Minister, Procurement Branch, should ensure that information resources of business value related to contract administration are accessible, preserved and retained throughout the procurement lifecycle to support fair, open, and transparent procurement. This would include documentation on the statement of work for call-ups, justifications for sole source and procurement strategy, and contracting delegation of authorities.	In May 2022, the Acquisitions Program incorporated requirements with respect to electronic file documentation for procurements into Public Services and Procurement Canada Supply Manual. This was followed by a procurement file checklist in September 2022. These activities were undertaken as a response to the Government of Canada’s transition to the Electronic Procurement Solution, and were undertaken after the National Master Standing Officer and the majority of the call-ups for McKinsey were established.	Procurement Branch	No data	No data
	1.1 Develop guidance and ensure awareness though a branch-wide communique of information management requirements for Schedule 3 documentation.	Procurement Branch	1.1 Communique sent to staff	September 2023
	1.2 Develop training session for procurement officers to ensure awareness and understanding of information management requirements for procurement files.	Procurement Branch	1.2 Training sessions developed	June 2023
	1.3 Deliver training to procurement officers and incorporate into learning road maps and training curriculum.	Procurement Branch	1.3 80% of all procurement staff have received training.	June 2024
	1.4 Complete a review of a sample of procurement files to validate implementation of new guidance and tools and success of the training.	Procurement Branch	1.4 Report on the completeness of procurement file documentation	January 2025
2. The Assistant Deputy Minister, Procurement Branch. should ensure that PSPC, as a service common provider, performs a robust challenge function during the contracting process, that is properly documented. This would include when multiple contracts could be awarded to the same vendor by the same department or agency within a short period of time.	In January 2023, a new challenge function and processes were implemented for non-competitive standing offers for benchmarking services. For example, procurement officers at PSPC require clients to provide a sole source justification for each call-up and validate that the statement of work provided by the client aligns with the scope of the procurement tool. This activity was undertaken as a response for the need to strengthen PSPC’s service common provider role, and were undertaken after the National Master Standing Officer and the majority of the call-ups for McKinsey were established.	Procurement Branch	No data	No data
	2.1 Reassess the procurement approaches for acquiring benchmarking services and launch process for new method(s) of supply with appropriate governance and challenge functions.	Procurement Branch	2.1 Updated procurement strategy for benchmarking services	October 2023
	2.2 Modify guidance and tools for contracting officers with respect to documentation required for non-competitive national master standing offers, including guidance on awarding multiple contracts to 1 vendor by the same department.	Procurement Branch	2.2 Updated guidance and tools for procurement officers	June 2024
	2.3 Review and update current guidance and tools to ensure clear communication, and processes exist around the expectations of PSPC’s role to ensure the integrity of the procurement process through a robust challenge function.	Procurement Branch	2.3 Updated guidance and tools for contracting	June 2024
3. The Assistant Deputy Minister, Procurement Branch, should review and clarify the procurement roles, responsibilities and accountabilities between PSPC and client departments, especially in terms of clarifying the roles noted as “contributing” to the process included in Annex 1.1: Matrix of Responsibilities of the PSPC Supply Manual.	3.1 Conduct a review of the Matrix of Responsibilities in the Public Services and Procurement Canada Supply Manual to clarify the roles and responsibilities of PSPC and client departments, and update the Matrix of Responsibilities, as required.	Procurement Branch	3.1 Revised Matrix of Responsibilities	December 2023
	3.2 Communicate changes in roles and responsibilities internally and externally to client departments for consistent understanding, and consider/evaluate if training is warranted.	Procurement Branch	3.2 Communicate changes internally and externally to client departments	April 2024
4. The Assistant Deputy Minister, Procurement Branch, should ensure that a rigorous process is in place for procurement planning that identifies and addresses risks and integrates best practices.	A new operational procurement governance mechanism for Procurement Branch, the Procurement Review Committee, was implemented in January 2023 with a mandate to review, recommend and incorporate sound stewardship considerations into federal procurement. This activity was undertaken as a response for the need to review certain large and complex federal procurements for alignment with mandate commitments, and was introduced after the National Master Standing Offer and call-ups for McKinsey were established.	Procurement Branch	No data	No data
	4.1 Develop a contract quality control review process to identify risks associated with meeting key procurement policies and procedures.	Procurement Branch	4.1 Pro-active contract review process	June 2024

Footnotes

Footnote 1

On April 11, 2019, the contracting limits for organizations and PSPC were updated to reflect a 25% increase to account for inflation (Appendix C in the TB Archived: Contracting Policy). Also, note that the TB Directive on the Management of Procurement came into effect May 13, 2021 and that the TB Archived: Contracting Policy was fully rescinded May 13, 2022.

Return to Footnote1 referrer

Footnote 2

For the purposes of this report, approval and signing are referring to approval authority and signing authority, respectfully.

Return to Footnote2 referrer

Footnote 3

The supplier is not required to sign the call-up as they accepted the terms and conditions when establishing the National Master Standing Offer.

Return to Footnote3 referrer

Footnote 4

The Acquisition Program is comprised of the Procurement Branch, the Defence and Marine Procurement Branch and the procurement-related areas in the regions.

Return to Footnote4 referrer

Footnote 5

PSPC’s Executive Committee is the Deputy Minister’s key forum for information sharing, collaboration and decision-making on program, policy and internal management issues.

Return to Footnote5 referrer

Page details

Date modified:: 2024-06-11

Assurance report: Internal Audit of Federal Government consulting contracts awarded to McKinsey & Company

1. Conformance with professional standards

2. Background

3. Audit objectives and scope

Table 2 note(s)

4. Approach

5. Findings and recommendations

5.1 Objective 1: Integrity of the procurement process

5.1.1 Values and ethics

5.1.2 Current public servants and public office holders

5.1.3 Conflict of interest for suppliers

5.1.4 Former public servants and public office holders

5.1.5 Conclusion

5.1.6 Recommendations

5.2 Objective 2: Fairness, openness, and transparency, in line with applicable policy

5.2.1 Establishment of the standing offer and supply arrangements

5.2.1.1 National Master Standing Offer

5.2.1.2 Establishment of supply arrangements

5.2.1.3 Conclusion

5.2.2 Call-ups and contracts

5.2.2.1 Defining requirements and determining procurement strategy

Public Services and Procurement Canada as a common service provider

Public Services and Procurement Canada as a client department

5.2.2.2 Contract splitting

Public Services and Procurement Canada as a common service provider

Public Services and Procurement Canada as a client department

5.2.2.3 Security requirements

Public Services and Procurement Canada as a common service provider

Public Services and Procurement Canada as a client department

5.2.2.4 Procedures and pricing for call-ups against a standing offer/non-competitive contracts against a supply arrangement

5.2.2.5 Bid evaluations for competitive contracts

Public Services and Procurement Canada as a common service provider

Public Services and Procurement Canada as a client department

5.2.2.6 Delegation of authorities

Public Services and Procurement Canada as a common service provider

Public Services and Procurement Canada as a client department

5.2.2.7 Proactive disclosure

5.2.3 Conclusion

5.2.4 Recommendations

5.3 Objective 3: Adherence to departmental processes and control frameworks

5.3.1 Roles, responsibilities, and accountabilities

5.3.2 Training, tools, and resources

5.3.3 Monitoring and oversight

5.3.3.1 Reviews and subject matter experts

5.3.3.2 Post-procurement review

5.3.3.3 Oversight committee

5.3.4 Key programs

5.3.4.1 Procurement Complexity Assessment and Procurement Risk Assessment

5.3.4.2 Government of Canada’s Integrity Regime

5.3.4.3 Fairness Monitoring Program

5.3.4.4 Vendor Performance Corrective Measures Policy

5.3.5 Conclusion

5.3.6 Recommendations

6. Management response

Appendices

Appendix A: Acronyms and abbreviations

Appendix B: Glossary

Appendix C: Audit criteria

Table 6 note(s)

Appendix D: McKinsey benchmarking services

Appendix E: Detailed observations

Table 8 note(s)

Appendix F: Management Action Plan

Page details